01 April 2025

CyberArk has unveiled its 2025 State of Machine Identity Security Report, which indicates a troubling increase in security incidents related to machine identities.

With machine identities growing in number and complexity, 67% of UK-based organizations reported experiencing at least one outage related to certificates within the past year, a significant rise compared to earlier reports. Furthermore, 43% of security leaders acknowledged experiencing incidents or breaches attributed to compromised machine identities.

As organizations increasingly adopt artificial intelligence (AI), cloud-native technologies, and face shorter lifespans for machine identities, the proliferation of machine identities — including certificates, keys, secrets, and access tokens — has intensified. Many organizations find it challenging to keep pace, and fragmented efforts to secure these machine identities introduce additional risks. The findings underscore the serious business consequences of inadequately securing machine identities, exposing organizations to potential outages and breaches.

In a study involving over 1,200 security leaders from various countries, CyberArk identified key insights from its latest research. The frequency of outages associated with machine identities has risen dramatically, with 67% of UK respondents indicating they experienced at least one certificate-related outage in the past year. Alarmingly, 52% reported experiencing outages on a monthly basis, while 31% faced them weekly.

The report highlights the substantial impacts of machine identity-related compromises, revealing that 43% of UK security leaders encountered incidents or breaches due to compromised machine identities over the past year. These incidents resulted in delayed application launches for 46% of respondents, negatively affected customer experience for 47%, and led to unauthorized access to sensitive data or networks for 41%.

As machine identities continue to outnumber human identities at an accelerating rate, security leaders anticipate a further increase of up to 150% in the number of machine identities within their organizations over the next year.

The rising threat landscape associated with AI is another critical concern, with 81% of security leaders asserting that machine identity security will be essential for safeguarding future AI developments. Seventy-four percent emphasize that protecting AI models from manipulation and theft necessitates a stronger focus on machine identity authentication and authorization.

Despite 86% of security leaders reporting the existence of some form of machine identity security program, many admitted these programs lack maturity. A significant concern among UK respondents is the absence of a cohesive strategy for machine identity security (40%), followed closely by difficulties adapting to the rapid turnover of machine identities (36%) and issues caused by expired certificates leading to service disruptions (33%).

Moreover, the lack of a unified approach to securing machine identities introduces risks, as responsibilities are often divided among various teams — security (55%), development (29%), and platform (13%) teams — creating inefficiencies and management challenges.